An Extension adds functionality from a Domino App into the Domino UI without changing the core Domino codebase. It shows up where your users already work: a link in the Project sidebar, an entry on a Dataset details page, an action on a Model, a filetype association, or a new page in the Admin Panel. When a user clicks it, Domino opens the underlying App and passes along the context of the page it came from.
An Extension is not an App, and an App is not an Extension. An Extension points to an App. You build the App once, then create one or more Extensions that surface it at specific places in the UI. The same App can power several Extensions, and you can change which App version an Extension points to without rebuilding anything.
Using Domino APIs and Domino look-and-feel, an Extension can be made to feel like an integrated part of the Domino experience.
|
Note
| Only Admins can create Extensions. |
An Extension connects three things: an App that does the work, a mount point that decides where the Extension appears, and the context that the mount point passes to the App as query parameters. The workflow is the same regardless of where you mount it:
-
Build an App with extended identity propagation enabled. This is the only hard requirement on the App itself.
-
Choose a mount point. The mount point determines where the Extension link appears in the UI and which context it passes.
-
Handle the context in your App if you want it to respond to the page it was opened from. This step is optional.
-
Create and configure the Extension, selecting the App version and one or more mount points.
-
Use the Extension by navigating to a page where it is mounted and clicking the link.
-
Manage the Extension from the Admin panel: enable, disable, edit, or delete it.
The rest of this page walks through each step, then covers the mount point reference and the guidelines your App should follow.
Create an App to use as the Extension’s backend, or reuse an existing one.
-
Use a standard Compute Environment such as the DSE if it has what your App needs. If your App depends on packages or other dependencies that a standard environment doesn’t provide, create your own Compute Environment first and use it with the App.
-
The App must be created as an admin with extended identity propagation enabled. In the App publish flow, this is the Allow App to act for viewers in Domino option on the Access & sharing step. With this turned on, the App acts using each viewer’s Domino identity, so it can read files and data and run Jobs with that viewer’s * permissions. Domino enforces this requirement because the identity propagation mechanism is what supplies the per-request token your App uses to call Domino APIs. An App without it cannot back an Extension.
-
Deep linking with query parameters is optional but recommended to allow context-aware behavior in the Extension’s App. This allows the Extension’s App to, for example, assume the Project context it was entered from, or know what file to operate on, etc.
-
Users must have permission to view the underlying App to use the Extension.
A mount point is the location in the Domino UI where the Extension link appears. Five mount point types are available:
| Mount point | Where it appears |
|---|---|
Projects | The navigation sidebar for every Project |
Files | The three-dot menu for files in Datasets |
Datasets | The details page for every Dataset |
Models | The details page for Models |
Admin | A new page in the Admin panel |
A single Extension can use more than one mount point. Pick the places where the Extension’s function is relevant to what the user is looking at. Typically, one App will correspond to one Extension, but if your Extension’s App behaves differently for different mount points or, depending on the context passed in, you want to expose different versions of an App, you can create multiple Extensions from the same underlying App.
When a user opens an Extension, the mount point passes the context of the originating page to your App as query parameters on the root route (/). Handling them is optional, but it lets the App respond to the specific Project, Dataset, file, or Model the user came from.
Each mount point passes a fixed set of parameters:
| Mount point | Query parameters passed |
|---|---|
Projects |
|
Files |
|
Datasets |
|
Models |
|
Admin | none |
-
To use the context, read these parameters on your App’s root route and act on them.
-
Validate that required parameters are present and return a clear error when they are missing, since a user can reach the App’s URL without them.
-
Authenticate to Domino with the per-request bearer token from the
Authorizationheader rather than an API key.
The example below is a Flask App mounted on Datasets. It reads datasetId, then calls the Domino Datasets API with the forwarded token to fetch that Dataset’s details. The same pattern applies to any mount point: read the parameters from the table above and pass the token through.
import flask
import requests
@app.route("/")
def index():
dataset_id = flask.request.args.get("datasetId")
if not dataset_id:
return flask.Response("Missing required query parameter: datasetId", status=400)
# Forward the per-request token that identity propagation supplies.
auth_header = flask.request.headers.get("Authorization", "")
url = f"{DOMINO_HOST}/api/datasetrw/v1/datasets/{dataset_id}"
try:
response = requests.get(url, headers={"Authorization": auth_header})
response.raise_for_status()
except requests.HTTPError as e:
return flask.Response(f"Failed to fetch dataset: {e}", status=e.response.status_code)
dataset = response.json().get("dataset", {})
# Render dataset details in your App.A Project’s mount point reads projectId, a Model’s mount point reads modelId and modelVersionId, and a File’s mount point reads datasetId, datasetSnapshotId, and datasetFilePath. An Admin mount point passes no context, so its root route needs no parameter handling.
-
There are two ways to open the Create Extension modal:
-
From your App’s three-dot menu, select Create Extension.
-
In the Extensions tab of the Admin panel, select Create Extension.
-
-
In the modal, choose the App version to associate with the Extension, then add one or more mount points under Add Extension to, specifying any relevant scope (like file extension) if applicable.
-
Use Add Extension point to mount the same Extension in more than one place.
-
Select Create Extension to save.
The Extension is now available to all users who have permission to view the App. If a user does not have that permission, they will still see the Extension listed but be prompted to request access to the App.
-
Navigate to a page that has a mount point you configured.
-
Click the Extension link that appears in the Project sidebar of the Extensions panel on a Dataset or Model details page, or in the file three-dot menu.
-
Domino opens a new tab with the App’s contents and passes the page’s context as query parameters.
Manage existing Extensions from the Extensions tab in the Admin panel, reached through Platform settings.
-
Each Extension has a toggle.
-
Switch it off to disable the Extension, which removes it from its mount points without deleting it.
-
Switch it on to restore it.
-
-
Select Manage Extension for the rest of the actions.
-
Edit changes the mount point configuration and the App version the Extension points to.
-
Delete soft-deletes the Extension and removes it from everywhere in the UI.
-
|
Note
| Publishing a new version of the source App does not update the Extension automatically. An Extension keeps pointing to the App version it was created with until you change it. To move it to a newer version, select Manage Extension, then Edit, choose the new version under Version, and select Save & close. |
These practices keep an Extension’s App secure and predictable. The list reflects current guidance and will grow over time.
-
Call Domino APIs only from your App’s backend code, never from frontend code such as React.
-
Authenticate to Domino APIs with the JWT bearer token that is available on a per-request basis in the App backend. Do not use API keys or any other authentication method. The extended identity propagation mechanism places this token in each request, which is why Extensions are limited to Apps that have the feature enabled.
-
An Extension inherits its access controls from the underlying App. There is no separate permission layer to configure.
-
Write stateless Apps. If your App must keep state, give any stored data access controls equivalent to the source it came from. For instance, if the App pulls information from a Domino API and caches it outside request-scoped data structures, that cached copy needs controls functionally equivalent to the API it was read from.
-
To start Domino Jobs that run your App’s code rather than the target Project’s code, include that code in your App’s Compute Environment. When you start the Job through an API call, set the run command to the path of your file inside the Compute Environment, and pass your Compute Environment’s ID and revision ID, both of which are available as environment variables in the App runtime.
-
Where you can, declare all dependencies in the Dockerfile of your App’s Compute Environment and install nothing at runtime.
-
Clinical Data Explorer: Explore, filter, and visualize data through an intuitive web interface.
-
AutoML: Train, evaluate, and deploy machine learning models through a unified no-code interface.
-
Auto Model Documentation: Automatically generate professional ML model documentation from code and Experiment Manager artifacts.